Do i have to acquire the original token from the user's sts and use
that to put on my DefaultSTSIssuedTokenConfiguration for the service's
sts? Not quite sure how to do that. They are both issued tokens.

On 5/2/2012 10:39 AM, notoadw@gmail.com wrote:
> Do i have to acquire the original token from the user's sts and use
> that to put on my DefaultSTSIssuedTokenConfiguration for the service's
> sts? Not quite sure how to do that. They are both issued tokens.
>
> Thanks.
>

Can you do this in code (manually requesting the token with the
STSIssuedTokenFeature) like in the other examples and posts your blog?

On Wed, May 2, 2012 at 1:56 PM, wrote:

> No. It can be handled transparently in Metro:
> see http://metro.java.net/guide/**ch12.html#ahiex
>
> On 5/2/2012 10:39 AM, notoadw@gmail.com wrote:
>
>> Do i have to acquire the original token from the user's sts and use
>> that to put on my DefaultSTSIssuedTokenConfigura**tion for the service's
>> sts? Not quite sure how to do that. They are both issued tokens.
>>
>> Thanks.
>>

Can you do this in code (manually requesting the token with the
STSIssuedTokenFeature) like in the other examples and posts your blog?

On Wed, May 2, 2012 at 1:56 PM, wrote:

> No. It can be handled transparently in Metro:
> see http://metro.java.net/guide/**ch12.html#ahiex
>
> On 5/2/2012 10:39 AM, notoadw@gmail.com wrote:
>
>> Do i have to acquire the original token from the user's sts and use
>> that to put on my DefaultSTSIssuedTokenConfigura**tion for the service's
>> sts? Not quite sure how to do that. They are both issued tokens.
>>
>> Thanks.
>>

To clarify, I was hoping to not use the client config as described in the
documentation you provided. I would prefer doing this in code by using
the DefaultSTSIssuedTokenConfigura**tion. I am just not sure how to do it
for the brokered trust example.

Thanks for your help.

On Wed, May 2, 2012 at 2:21 PM, notoadw wrote:

> Can you do this in code (manually requesting the token with the
> STSIssuedTokenFeature) like in the other examples and posts your blog?
>
> On Wed, May 2, 2012 at 1:56 PM, wrote:
>
>> No. It can be handled transparently in Metro:
>> see http://metro.java.net/guide/**ch12.html#ahiex
>>
>> On 5/2/2012 10:39 AM, notoadw@gmail.com wrote:
>>
>>> Do i have to acquire the original token from the user's sts and use
>>> that to put on my DefaultSTSIssuedTokenConfigura**tion for the service's
>>> sts? Not quite sure how to do that. They are both issued tokens.
>>>
>>> Thanks.
>>>
>>> ------------------------------**-
>>> Looking at http://wsit.java.net/docs/**trust-whitepaper.pdf
>>>
>>> Section 4: brokering trust across domains
>>> is exactly what I want to do. I am looking at getting the token for the
>>> service on the service domain sts manually...
>>> ------------------------------**-----
>>> I have two STS, A and B. I have a service that's registered as a
>>> relying party on STS B. I can make requests for users in the domain of
>>> STS B to get a token and use it to make a request on my service.
>>>
>>> My sample code for users looks like this:
>>>
>>> DefaultSTSIssuedTokenConfigura**tion stsConfig = new
>>> DefaultSTSIssuedTokenConfigura**tion();
>>> stsConfig.setProtocol(**STSIssuedTokenConfiguration.**PROTOCOL_13);
>>> stsConfig.setSTSInfo(localSTS, locallSTSMex);
>>> stsConfig.getOtherOptions().**put(BindingProvider.USERNAME_**PROPERTY,
>>> username);
>>> stsConfig.getOtherOptions().**put(BindingProvider.PASSWORD_**PROPERTY,
>>> password);
>>> stsConfig.getOtherOptions().**put(**STSIssuedTokenConfiguration.**
>>> APPLIES_TO,
>>> realm);
>>>
>>> STSIssuedTokenFeature feature = new STSIssuedTokenFeature(**stsConfig);
>>>
>>> Svc_Service client = new Svc_Service();
>>> Svc port = client.serviceMethodPort(**feature);
>>>
>>> I am trying to do the same for users that will authenticate on STS A. I
>>> can't find any examples anywhere including the documentation that will
>>> allow me to cross the trust relationship, getting the token initially
>>> from STS A and using that to get a token from STS B for my service.
>>>
>>> Any guidance is appreciated.
>>>
>>> Thanks!
>>>
>>
>

On 5/2/2012 11:32 AM, notoadw wrote:
> To clarify, I was hoping to not use the client config as described in
> the documentation you provided. I would prefer doing this in code by
> using the DefaultSTSIssuedTokenConfiguration. I am just not sure how
> to do it for the brokered trust example.
>
> Thanks for your help.
>
> On Wed, May 2, 2012 at 2:21 PM, notoadw > wrote:
>
> Can you do this in code (manually requesting the token with the
> STSIssuedTokenFeature) like in the other examples and posts your
> blog?
>
> On Wed, May 2, 2012 at 1:56 PM, > wrote:
>
> No. It can be handled transparently in Metro:
> see http://metro.java.net/guide/ch12.html#ahiex
>
> On 5/2/2012 10:39 AM, notoadw@gmail.com
> wrote:
>
> Do i have to acquire the original token from the user's
> sts and use
> that to put on my DefaultSTSIssuedTokenConfiguration for
> the service's
> sts? Not quite sure how to do that. They are both issued
> tokens.
>
> Thanks.
>
> -------------------------------
> Looking at http://wsit.java.net/docs/trust-whitepaper.pdf
>
> Section 4: brokering trust across domains
> is exactly what I want to do. I am looking at getting the
> token for the
> service on the service domain sts manually...
> -----------------------------------
> I have two STS, A and B. I have a service that's
> registered as a
> relying party on STS B. I can make requests for users in
> the domain of
> STS B to get a token and use it to make a request on my
> service.
>
> My sample code for users looks like this:
>
> DefaultSTSIssuedTokenConfiguration stsConfig = new
> DefaultSTSIssuedTokenConfiguration();
> stsConfig.setProtocol(STSIssuedTokenConfiguration.PROTOCOL_13);
> stsConfig.setSTSInfo(localSTS, locallSTSMex);
> stsConfig.getOtherOptions().put(BindingProvider.USERNAME_PROPERTY,
> username);
> stsConfig.getOtherOptions().put(BindingProvider.PASSWORD_PROPERTY,
> password);
> stsConfig.getOtherOptions().put(STSIssuedTokenConfiguration.APPLIES_TO,
> realm);
>
> STSIssuedTokenFeature feature = new
> STSIssuedTokenFeature(stsConfig);
>
> Svc_Service client = new Svc_Service();
> Svc port = client.serviceMethodPort(feature);
>
> I am trying to do the same for users that will
> authenticate on STS A. I
> can't find any examples anywhere including the
> documentation that will
> allow me to cross the trust relationship, getting the
> token initially
> from STS A and using that to get a token from STS B for my
> service.
>
> Any guidance is appreciated.
>
> Thanks!
>
>
>

On 5/2/2012 12:31 PM, jiandong.guo... wrote:
> There is a sample for this. Check my blog:
>
> https://blogs.oracle.com/trustjdg/entry/handling_token_and_key_requireme...
>
>
> On 5/2/2012 11:32 AM, notoadw wrote:
>> To clarify, I was hoping to not use the client config as described in
>> the documentation you provided. I would prefer doing this in code by
>> using the DefaultSTSIssuedTokenConfiguration. I am just not sure
>> how to do it for the brokered trust example.
>>
>> Thanks for your help.
>>
>> On Wed, May 2, 2012 at 2:21 PM, notoadw > > wrote:
>>
>> Can you do this in code (manually requesting the token with the
>> STSIssuedTokenFeature) like in the other examples and posts your
>> blog?
>>
>> On Wed, May 2, 2012 at 1:56 PM, > > wrote:
>>
>> No. It can be handled transparently in Metro:
>> see http://metro.java.net/guide/ch12.html#ahiex
>>
>> On 5/2/2012 10:39 AM, notoadw@gmail.com
>> wrote:
>>
>> Do i have to acquire the original token from the user's
>> sts and use
>> that to put on my DefaultSTSIssuedTokenConfiguration for
>> the service's
>> sts? Not quite sure how to do that. They are both
>> issued tokens.
>>
>> Thanks.
>>
>> -------------------------------
>> Looking at http://wsit.java.net/docs/trust-whitepaper.pdf
>>
>> Section 4: brokering trust across domains
>> is exactly what I want to do. I am looking at getting the
>> token for the
>> service on the service domain sts manually...
>> -----------------------------------
>> I have two STS, A and B. I have a service that's
>> registered as a
>> relying party on STS B. I can make requests for users in
>> the domain of
>> STS B to get a token and use it to make a request on my
>> service.
>>
>> My sample code for users looks like this:
>>
>> DefaultSTSIssuedTokenConfiguration stsConfig = new
>> DefaultSTSIssuedTokenConfiguration();
>> stsConfig.setProtocol(STSIssuedTokenConfiguration.PROTOCOL_13);
>> stsConfig.setSTSInfo(localSTS, locallSTSMex);
>> stsConfig.getOtherOptions().put(BindingProvider.USERNAME_PROPERTY,
>> username);
>> stsConfig.getOtherOptions().put(BindingProvider.PASSWORD_PROPERTY,
>> password);
>> stsConfig.getOtherOptions().put(STSIssuedTokenConfiguration.APPLIES_TO,
>> realm);
>>
>> STSIssuedTokenFeature feature = new
>> STSIssuedTokenFeature(stsConfig);
>>
>> Svc_Service client = new Svc_Service();
>> Svc port = client.serviceMethodPort(feature);
>>
>> I am trying to do the same for users that will
>> authenticate on STS A. I
>> can't find any examples anywhere including the
>> documentation that will
>> allow me to cross the trust relationship, getting the
>> token initially
>> from STS A and using that to get a token from STS B for
>> my service.
>>
>> Any guidance is appreciated.
>>
>> Thanks!
>>
>>
>>

What where does the local STS get the token from the MySTS. Is there a way
to do this in code directly without the configuration of the client to hook
up to both STS' WSDLs?

Thanks.

On Wed, May 2, 2012 at 3:35 PM, wrote:

> The sample is:
> wsit/samples/ws-trust/runtime
>
>
> On 5/2/2012 12:31 PM, jiandong.guo... wrote:
>
> There is a sample for this. Check my blog:
>
>
> https://blogs.oracle.com/trustjdg/entry/handling_token_and_key_requireme...
>
>
> On 5/2/2012 11:32 AM, notoadw wrote:
>
> To clarify, I was hoping to not use the client config as described in the
> documentation you provided. I would prefer doing this in code by using
> the DefaultSTSIssuedTokenConfiguration. I am just not sure how to do it
> for the brokered trust example.
>
> Thanks for your help.
>
> On Wed, May 2, 2012 at 2:21 PM, notoadw wrote:
>
>> Can you do this in code (manually requesting the token with the
>> STSIssuedTokenFeature) like in the other examples and posts your blog?
>>
>> On Wed, May 2, 2012 at 1:56 PM, wrote:
>>
>>> No. It can be handled transparently in Metro:
>>> see http://metro.java.net/guide/ch12.html#ahiex
>>>
>>> On 5/2/2012 10:39 AM, notoadw@gmail.com wrote:
>>>
>>>> Do i have to acquire the original token from the user's sts and use
>>>> that to put on my DefaultSTSIssuedTokenConfiguration for the service's
>>>> sts? Not quite sure how to do that. They are both issued tokens.
>>>>
>>>> Thanks.
>>>>
>>>> -------------------------------
>>>> Looking at http://wsit.java.net/docs/trust-whitepaper.pdf
>>>>
>>>> Section 4: brokering trust across domains
>>>> is exactly what I want to do. I am looking at getting the token for the
>>>> service on the service domain sts manually...
>>>> -----------------------------------
>>>> I have two STS, A and B. I have a service that's registered as a
>>>> relying party on STS B. I can make requests for users in the domain of
>>>> STS B to get a token and use it to make a request on my service.
>>>>
>>>> My sample code for users looks like this:
>>>>
>>>> DefaultSTSIssuedTokenConfiguration stsConfig = new
>>>> DefaultSTSIssuedTokenConfiguration();
>>>> stsConfig.setProtocol(STSIssuedTokenConfiguration.PROTOCOL_13);
>>>> stsConfig.setSTSInfo(localSTS, locallSTSMex);
>>>> stsConfig.getOtherOptions().put(BindingProvider.USERNAME_PROPERTY,
>>>> username);
>>>> stsConfig.getOtherOptions().put(BindingProvider.PASSWORD_PROPERTY,
>>>> password);
>>>> stsConfig.getOtherOptions().put(STSIssuedTokenConfiguration.APPLIES_TO,
>>>> realm);
>>>>
>>>> STSIssuedTokenFeature feature = new STSIssuedTokenFeature(stsConfig);
>>>>
>>>> Svc_Service client = new Svc_Service();
>>>> Svc port = client.serviceMethodPort(feature);
>>>>
>>>> I am trying to do the same for users that will authenticate on STS A. I
>>>> can't find any examples anywhere including the documentation that will
>>>> allow me to cross the trust relationship, getting the token initially
>>>> from STS A and using that to get a token from STS B for my service.
>>>>
>>>> Any guidance is appreciated.
>>>>
>>>> Thanks!
>>>>
>>>
>>
>

> What where does the local STS get the token from the MySTS. Is there a
> way to do this in code directly without the configuration of the client to
> hook up to both STS' WSDLs?
>
> Thanks.
>
> On Wed, May 2, 2012 at 3:35 PM, wrote:
>
>> The sample is:
>> wsit/samples/ws-trust/runtime
>>
>>
>> On 5/2/2012 12:31 PM, jiandong.guo... wrote:
>>
>> There is a sample for this. Check my blog:
>>
>>
>> https://blogs.oracle.com/trustjdg/entry/handling_token_and_key_requireme...
>>
>>
>> On 5/2/2012 11:32 AM, notoadw wrote:
>>
>> To clarify, I was hoping to not use the client config as described in the
>> documentation you provided. I would prefer doing this in code by using
>> the DefaultSTSIssuedTokenConfiguration. I am just not sure how to do it
>> for the brokered trust example.
>>
>> Thanks for your help.
>>
>> On Wed, May 2, 2012 at 2:21 PM, notoadw wrote:
>>
>>> Can you do this in code (manually requesting the token with the
>>> STSIssuedTokenFeature) like in the other examples and posts your blog?
>>>
>>> On Wed, May 2, 2012 at 1:56 PM, wrote:
>>>
>>>> No. It can be handled transparently in Metro:
>>>> see http://metro.java.net/guide/ch12.html#ahiex
>>>>
>>>> On 5/2/2012 10:39 AM, notoadw@gmail.com wrote:
>>>>
>>>>> Do i have to acquire the original token from the user's sts and use
>>>>> that to put on my DefaultSTSIssuedTokenConfiguration for the service's
>>>>> sts? Not quite sure how to do that. They are both issued tokens.
>>>>>
>>>>> Thanks.
>>>>>
>>>>> -------------------------------
>>>>> Looking at http://wsit.java.net/docs/trust-whitepaper.pdf
>>>>>
>>>>> Section 4: brokering trust across domains
>>>>> is exactly what I want to do. I am looking at getting the token for the
>>>>> service on the service domain sts manually...
>>>>> -----------------------------------
>>>>> I have two STS, A and B. I have a service that's registered as a
>>>>> relying party on STS B. I can make requests for users in the domain of
>>>>> STS B to get a token and use it to make a request on my service.
>>>>>
>>>>> My sample code for users looks like this:
>>>>>
>>>>> DefaultSTSIssuedTokenConfiguration stsConfig = new
>>>>> DefaultSTSIssuedTokenConfiguration();
>>>>> stsConfig.setProtocol(STSIssuedTokenConfiguration.PROTOCOL_13);
>>>>> stsConfig.setSTSInfo(localSTS, locallSTSMex);
>>>>> stsConfig.getOtherOptions().put(BindingProvider.USERNAME_PROPERTY,
>>>>> username);
>>>>> stsConfig.getOtherOptions().put(BindingProvider.PASSWORD_PROPERTY,
>>>>> password);
>>>>> stsConfig.getOtherOptions().put(STSIssuedTokenConfiguration.APPLIES_TO,
>>>>> realm);
>>>>>
>>>>> STSIssuedTokenFeature feature = new STSIssuedTokenFeature(stsConfig);
>>>>>
>>>>> Svc_Service client = new Svc_Service();
>>>>> Svc port = client.serviceMethodPort(feature);
>>>>>
>>>>> I am trying to do the same for users that will authenticate on STS A. I
>>>>> can't find any examples anywhere including the documentation that will
>>>>> allow me to cross the trust relationship, getting the token initially
>>>>> from STS A and using that to get a token from STS B for my service.
>>>>>
>>>>> Any guidance is appreciated.
>>>>>
>>>>> Thanks!
>>>>>
>>>>
>>>
>>
>

My STSs are both ADFS so i am letting them put claims on the token. I
don't see in any of the files here that use a token from the Remote STS to
put on a call to the Local STS to get the service entirely in code.

Is this the sample you are referring too?

Thanks!

On Wed, May 2, 2012 at 3:35 PM, wrote:

> The sample is:
> wsit/samples/ws-trust/runtime
>
>
> On 5/2/2012 12:31 PM, jiandong.guo... wrote:
>
> There is a sample for this. Check my blog:
>
>
> https://blogs.oracle.com/trustjdg/entry/handling_token_and_key_requireme...
>
>
> On 5/2/2012 11:32 AM, notoadw wrote:
>
> To clarify, I was hoping to not use the client config as described in the
> documentation you provided. I would prefer doing this in code by using
> the DefaultSTSIssuedTokenConfiguration. I am just not sure how to do it
> for the brokered trust example.
>
> Thanks for your help.
>
> On Wed, May 2, 2012 at 2:21 PM, notoadw wrote:
>
>> Can you do this in code (manually requesting the token with the
>> STSIssuedTokenFeature) like in the other examples and posts your blog?
>>
>> On Wed, May 2, 2012 at 1:56 PM, wrote:
>>
>>> No. It can be handled transparently in Metro:
>>> see http://metro.java.net/guide/ch12.html#ahiex
>>>
>>> On 5/2/2012 10:39 AM, notoadw@gmail.com wrote:
>>>
>>>> Do i have to acquire the original token from the user's sts and use
>>>> that to put on my DefaultSTSIssuedTokenConfiguration for the service's
>>>> sts? Not quite sure how to do that. They are both issued tokens.
>>>>
>>>> Thanks.
>>>>
>>>> -------------------------------
>>>> Looking at http://wsit.java.net/docs/trust-whitepaper.pdf
>>>>
>>>> Section 4: brokering trust across domains
>>>> is exactly what I want to do. I am looking at getting the token for the
>>>> service on the service domain sts manually...
>>>> -----------------------------------
>>>> I have two STS, A and B. I have a service that's registered as a
>>>> relying party on STS B. I can make requests for users in the domain of
>>>> STS B to get a token and use it to make a request on my service.
>>>>
>>>> My sample code for users looks like this:
>>>>
>>>> DefaultSTSIssuedTokenConfiguration stsConfig = new
>>>> DefaultSTSIssuedTokenConfiguration();
>>>> stsConfig.setProtocol(STSIssuedTokenConfiguration.PROTOCOL_13);
>>>> stsConfig.setSTSInfo(localSTS, locallSTSMex);
>>>> stsConfig.getOtherOptions().put(BindingProvider.USERNAME_PROPERTY,
>>>> username);
>>>> stsConfig.getOtherOptions().put(BindingProvider.PASSWORD_PROPERTY,
>>>> password);
>>>> stsConfig.getOtherOptions().put(STSIssuedTokenConfiguration.APPLIES_TO,
>>>> realm);
>>>>
>>>> STSIssuedTokenFeature feature = new STSIssuedTokenFeature(stsConfig);
>>>>
>>>> Svc_Service client = new Svc_Service();
>>>> Svc port = client.serviceMethodPort(feature);
>>>>
>>>> I am trying to do the same for users that will authenticate on STS A. I
>>>> can't find any examples anywhere including the documentation that will
>>>> allow me to cross the trust relationship, getting the token initially
>>>> from STS A and using that to get a token from STS B for my service.
>>>>
>>>> Any guidance is appreciated.
>>>>
>>>> Thanks!
>>>>
>>>
>>
>

In the sample, I don't see where the token to the Local STS is retrieved
using the token from Remote (MySTS) in code. I see the
MySTSIssuedTokenConfiguration and in the FinancialClient, that is used, but
am having trouble understanding where the two STS connect to eachother.

Thanks for the guidance.

On Wed, May 2, 2012 at 3:51 PM, notoadw wrote:

> Thanks for the pointer. I am look at thist:
> http://java.net/projects/wsit/sources/svn/content/trunk/wsit/samples/ws-...
>
> My STSs are both ADFS so i am letting them put claims on the token. I
> don't see in any of the files here that use a token from the Remote STS to
> put on a call to the Local STS to get the service entirely in code.
>
> Is this the sample you are referring too?
>
> Thanks!
>
> On Wed, May 2, 2012 at 3:35 PM, wrote:
>
>> The sample is:
>> wsit/samples/ws-trust/runtime
>>
>>
>> On 5/2/2012 12:31 PM, jiandong.guo... wrote:
>>
>> There is a sample for this. Check my blog:
>>
>>
>> https://blogs.oracle.com/trustjdg/entry/handling_token_and_key_requireme...
>>
>>
>> On 5/2/2012 11:32 AM, notoadw wrote:
>>
>> To clarify, I was hoping to not use the client config as described in the
>> documentation you provided. I would prefer doing this in code by using
>> the DefaultSTSIssuedTokenConfiguration. I am just not sure how to do it
>> for the brokered trust example.
>>
>> Thanks for your help.
>>
>> On Wed, May 2, 2012 at 2:21 PM, notoadw wrote:
>>
>>> Can you do this in code (manually requesting the token with the
>>> STSIssuedTokenFeature) like in the other examples and posts your blog?
>>>
>>> On Wed, May 2, 2012 at 1:56 PM, wrote:
>>>
>>>> No. It can be handled transparently in Metro:
>>>> see http://metro.java.net/guide/ch12.html#ahiex
>>>>
>>>> On 5/2/2012 10:39 AM, notoadw@gmail.com wrote:
>>>>
>>>>> Do i have to acquire the original token from the user's sts and use
>>>>> that to put on my DefaultSTSIssuedTokenConfiguration for the service's
>>>>> sts? Not quite sure how to do that. They are both issued tokens.
>>>>>
>>>>> Thanks.
>>>>>
>>>>> -------------------------------
>>>>> Looking at http://wsit.java.net/docs/trust-whitepaper.pdf
>>>>>
>>>>> Section 4: brokering trust across domains
>>>>> is exactly what I want to do. I am looking at getting the token for the
>>>>> service on the service domain sts manually...
>>>>> -----------------------------------
>>>>> I have two STS, A and B. I have a service that's registered as a
>>>>> relying party on STS B. I can make requests for users in the domain of
>>>>> STS B to get a token and use it to make a request on my service.
>>>>>
>>>>> My sample code for users looks like this:
>>>>>
>>>>> DefaultSTSIssuedTokenConfiguration stsConfig = new
>>>>> DefaultSTSIssuedTokenConfiguration();
>>>>> stsConfig.setProtocol(STSIssuedTokenConfiguration.PROTOCOL_13);
>>>>> stsConfig.setSTSInfo(localSTS, locallSTSMex);
>>>>> stsConfig.getOtherOptions().put(BindingProvider.USERNAME_PROPERTY,
>>>>> username);
>>>>> stsConfig.getOtherOptions().put(BindingProvider.PASSWORD_PROPERTY,
>>>>> password);
>>>>> stsConfig.getOtherOptions().put(STSIssuedTokenConfiguration.APPLIES_TO,
>>>>> realm);
>>>>>
>>>>> STSIssuedTokenFeature feature = new STSIssuedTokenFeature(stsConfig);
>>>>>
>>>>> Svc_Service client = new Svc_Service();
>>>>> Svc port = client.serviceMethodPort(feature);
>>>>>
>>>>> I am trying to do the same for users that will authenticate on STS A. I
>>>>> can't find any examples anywhere including the documentation that will
>>>>> allow me to cross the trust relationship, getting the token initially
>>>>> from STS A and using that to get a token from STS B for my service.
>>>>>
>>>>> Any guidance is appreciated.
>>>>>
>>>>> Thanks!
>>>>>
>>>>
>>>
>>
>